<?php
// DB Created by Rich L. a member in service in Northern Delaware.  Please feel free to share this code wherever it may be useful to alcholoics.  Should you have questons please contact me at sobernerd@gmail.com
$pageTitle = 'NDIAA - Administration - Change Password';
require_once ('../../config/include_paths.php');
require_once ('../../admin/config.php');
require_once('../../admin/dbconnect.php');	// database connect script.
session_start();

if ($_SESSION['logged_in'] == 0) {
require ('../../admin/security_check.php');
} else { 
require_once ('../../admin/head.php');
?>

<body onLoad="$('focus').focus();">
<div id="wrapper">
  <div class="padb_cont">
    <div class="header"><?php echo $banner; ?></div>
  </div>
  <div class="navbox_cont">
    <div class="navbox_left">
      <div align="center">
        <?php require_once ('../../admin/admin_nav.php'); ?>
      </div>
    </div>
    <?php

if ($_POST['submit']) { // if form has been submitted
	// get old password for comparison	
	$pw_sql = "SELECT password FROM users where username = '".$_SESSION['username']."'";
				$pw_result = mysql_query($pw_sql) or die(mysql_error());
				while ($pw_row = mysql_fetch_assoc($pw_result))
	{$old_password = $pw_row['password'];}
											
	/* check they filled in what they supposed to, 
	passwords matched, old password correct */
	if (!$_POST['uname'] | !$_POST['old_passwd'] | !$_POST['new_passwd'] | !$_POST['new_passwd_again'] ) {
		die('You did not fill in a required field. Please <a href="changepw.php" title="Change Password">try again</a>');
	}

	// check if username exists in database.

	if (!get_magic_quotes_gpc()) {
		$_POST['uname'] = addslashes($_POST['uname']);
	}

	// check Old password
	
	if (md5($_POST['old_passwd']) != $old_password) {
		die('Old passwords incorrect please <a href="changepw.php">click here</a> to try again.');
	}
	
	
	// check new passwords match

	if ($_POST['new_passwd'] != $_POST['new_passwd_again']) {
		die('New passwords did not match please <a href="changepw.php">click here</a> to try again.');
	}	
	
	// make sure new passwords at least 6 chars
	if (strlen($_POST['new_passwd']) < 6) {
		die('Password must be at least 6 characters <a href="changepw.php">click here</a> to try again.');
	}

	
	// no HTML tags in username, password

	$_POST['uname'] = strip_tags($_POST['uname']);
	$_POST['new_passwd'] = strip_tags($_POST['new_passwd']);
	


	// now we can edit the database.
	// encrypt password

	$new_password = md5($_POST['new_passwd']);
	$editor = $_SESSION['username'];

	if (!get_magic_quotes_gpc()) {
		$new_password  = addslashes($_POST['new_passwd']);
								}
		
	$sql= "UPDATE users SET password='$new_password' WHERE username='$editor' ";
	$result = mysql_query($sql) or die(mysql_error());
	
?>
    <h1>&nbsp;Password Changed</h1>
    <p>Your password has been changed you may <a id="focus" href="admin.php" title="Return to Main Page">log in again please</a>.</p>
    <?php

} else {	// if form hasn't been submitted

?>
    <div style="float:left">
    <h1> &nbsp;Change Password</h1>
    <form action="<?php echo $_SERVER['../../admin/PHP_SELF']; ?>" method="post">
      <table align="center" border="0" cellspacing="0" cellpadding="3">
        <tr>
          <td>Username*:</td>
          <td><input style="background-color:#CCC" type="text" name="uname" value="<?php echo $_SESSION['username'] ?>" readonly maxlength="40">
          </td>
        </tr>
        <tr>
          <td>Old Password*:</td>
          <td><input type="password" name="old_passwd" id="focus" maxlength="50">
          </td>
        </tr>
        <tr>
          <td>New Password*:</td>
          <td><input type="password" name="new_passwd" maxlength="50">
          </td>
        </tr>
        <tr>
          <td>Confirm New Password*:</td>
          <td><input type="password" name="new_passwd_again" maxlength="100">
          </td>
        </tr>
        <tr>
          <td colspan="2" align="right"><div align="center">
              <input type="submit" name="submit" value="Submit New Password">
            </div></td>
        </tr>
      </table>
    </form>
    </div>
    <?php
mysql_close($conn);
}}

?>
  </div>
</div>
</body>
</html>
